Several months after launching Security Copilot, Microsoft has announced Security Copilot with AI agents designed to collaborate autonomously with IT teams and professionals in areas such as phishing, data security and identity management.
The first of the Security Copilot agents is dedicated to phishing triage and can handle routine alerts and attacks of this type, distinguishing real threats from false alarms. It offers simple explanations of its decisions and improves detection based on analysts' feedback.
In this way, cybersecurity professionals can focus on more complex threats and apply proactive security measures. But it is not the only one, since Microsoft has integrated another nine into Security Copilot: five developed by the company and another five by its partners, which will be available in preview starting in April.
The agents developed by Microsoft are integrated with its security solutions and enable teams to handle security and IT tasks autonomously. They learn from feedback, adapt to workflows, and operate securely in line with Microsoft's Zero Trust framework. They also improve response time, prioritize risks and drive efficiency. They will be available across the company's end-to-end security platform.
The second of the agents is actually a set of them: the alert triage agents in Microsoft Purview. They triage data loss prevention and insider risk alerts, prioritize critical incidents and continuously improve accuracy based on administrators' feedback.
The next agent is dedicated to optimizing Microsoft's conditional access, monitoring for new users or applications that are not covered by existing policies. It also identifies the updates needed to close security gaps and recommends quick fixes that identity teams can apply with a single click.
The Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks, with the aim of resolving application and policy configuration problems. It also speeds up Windows patching with the administrator's approval.
The last of the Microsoft-developed agents launching in April is the Threat Intelligence agent in Security Copilot, which automatically gathers relevant threat data based on an organization's unique characteristics and its exposure to threats.
Security Copilot agents developed by third parties
As mentioned, there are five other Security Copilot agents developed by Microsoft partners. The first is the Privacy Breach Response Agent by OneTrust, which analyzes data breaches to advise the privacy team on meeting regulatory requirements.
Aviatrix has developed a network supervisor agent, Network Supervisor Agent, which performs root cause analysis and summarizes problems related to VPN, gateway or Site2Cloud connection outages and failures.
BlueVoyant, meanwhile, has created the SecOps Tooling Agent. Its mission is to assess a security operations center and the state of its controls in order to make recommendations that optimize security operations and improve controls and compliance with standards.
Tanium has an alert triage agent (Alert Triage Agent), which gives analysts the context they need to make decisions about each alert quickly and confidently. Finally, Task Optimizer Agent, from Fletch, helps companies anticipate and prioritize the most critical threat alerts to reduce alert overload and improve security.
More Microsoft solutions to protect AI
In addition to these agents, Microsoft has announced Microsoft Purview Data Security Investigations, a solution that helps data security teams understand and mitigate the risks associated with the exposure of sensitive information.
Data Security Investigations also expands the Microsoft Purview data security offering by introducing AI-powered deep content analysis. This uncovers sensitive data and security risks in incident-related information in several languages.
It can also establish unique correlations between incident data, users and their activities. It can be used to collaborate with partner teams to improve mitigation and simplify time-consuming tasks. It also integrates with Microsoft security solutions and will be accessible from a Defender incident or a Purview case. Purview's Data Security Investigations capabilities will be available in preview starting in April.
Also in preview, Microsoft has announced Microsoft Purview browser DLP controls integrated into Edge for Business. With them, security teams can apply data loss prevention policies to keep sensitive data out of generative AI applications such as ChatGPT or DeepSeek.
Microsoft Defender, for its part, has expanded its AI security management to include Google Vertex AI and the models in the AI Foundry catalog. Available in preview starting in May, this coverage includes Gemini, Gemma, Llama, Mistral and custom models.
Also in May, Microsoft Defender will receive new and improved detection capabilities for several AI risks identified by OWASP, such as indirect prompt injection attacks, sensitive data exposure and cryptocurrency scams. These new security capabilities for Azure OpenAI Service and AI Foundry catalog models help better protect custom AI applications.
Microsoft Entra Internet Access now has a web category filter that makes it easier to apply granular access controls that can reduce the risk of "shadow AI", through policies that govern which users and groups have access to different types of AI applications.
Finally, Microsoft Defender for Office 365 will arrive in April to protect users of the suite against phishing and other threats within Teams. With online protection, Teams will be better protected against malicious URLs. In addition, SOC teams will have complete visibility of attack attempts and related incidents, with alerts and data available in Microsoft Defender.